Enrico Micillo

1000 followers
Location: Italy

  • About me

    Security Innovation Principal Director

  • Education

    • Università degli Studi di Napoli 'Federico II'

      Master of Science (M.S.) Telecommunications Engineering
  • Experience

    • System Management s.r.l.

      Sept 2007 - Nov 2011

      Consulting on-site for the ICT Security Division of Poste Italiane S.p.A.

      RISK ASSESSMENT:
      - Definition of security requirements needed to provide an appropriate risk mitigation for systems/applications

      INCIDENT HANDLING:
      - Support to implementation of a complex infrastructure for handling information security incidents

      NETWORK MANAGEMENT:
      - HTTP and FTP sessions analysis and filtering: Implementation of a network solution to filter incoming/outgoing sessions

      DATA LOSS PREVENTION:
      - Data Loss Prevention: Installation, configuration and customization of a data loss prevention system. Definition of policies.

      • IT Research & Development Engineer at System Management S.r.l.

        Jan 2010 - Nov 2011
      • IT Security Consultant for Poste Italiane

        Sept 2007 - Nov 2011
    • System Management S.r.l

      Jan 2010 - Nov 2011
      IT Presales

      - Benchmarking of market-leading products in the ICT Security
      - Definition of technical and economic proposals

    • EY

      Dec 2011 - Feb 2022

      Senior Manager within the IT Risk and Assurance Sub-Service Line of EY Italy. He manages numerous projects in IT Audit, IT Security and Compliance and IT Risk Management.

      Main activities:
      • GDPR: Assessment and gap analysis according to the principles of the new EU Privacy Regulation; GDPR Compliance support services for primary Italian Clients in different sectors
      • IT Security Governance Assessment (according to "Framework Nazionale per la Cyber Security", ISO 27001 standards and Cobit5)
      • Defining Policies and Procedures for compliance monitoring and for the review / update of the Management Systems (ISO / IEC 27001, ISO 20000: 2011, ISO 22301: 2012, D.Lgs. 262/05, D.Lgs. 196/03, General Data Protection Regulation (EU) 2016/679)
      • Assessment and support to Trust Service Providers (TSPs) in accordance with European Regulation eIDAS (EU Reg. n. 910/14)
      • IT Audit: Assessments of the internal control system
      • IT General Controls (ITGC) and IT Application Controls (ITAC)
      • Technical analysis supporting the evaluation of the control management system within the process of the Initial Public Offering (IPO)
      • Audit in accordance with the international standard ISAE 3402 (International Standards for Assurance Engagements), in collaboration with international team EY
      • Information Risk Assessments, with support on Risk Treatment and Risk Monitoring phases
      • Compliance assessments on the measures that TLC operators should provide to ensure the security and integrity of networks
      • IT Compliance Assessment, with reference to different regulations, frameworks and international standards (196/03, 262/05, 231/01, COBIT 5, ISO27000, ISO27001, ...)
      • Audit in accordance with the AICPA / CICA WebTrust Program for Certification Authorities for two Italian CA service providers
      • Definition of policies, procedures and operating instructions in scope to IT processes
      • Assessments of the processes of ICT governance

      SOFTWARE QUALITY & SECURITY
      Definition and implementation of a software evaluation framework, developed according to international standards of software quality and evaluation (ISO/IEC 9126, ISO/IEC 14598, ISO/IEC 15939) and software security best-practices (OWASP, CWE). Design of a dashboard with the introduction of KPIs and KRIs for monitoring software quality and security metrics.

      ICT SECURITY SOLUTION DESIGN
      Support to design solutions for Strong Authentication.

      ISO 27001 COMPLIANCE
      Definition of checklists for the verification of compliance with the international standard ISO/IEC 27001 in the management processes for information systems.

      PRIVACY COMPLIANCE
      Design and implementation of Information Security Management System and support to activities to meet the requirements of Legislative Decree no. 196/03 (Italian Code of Privacy).

      IT AUDIT ACTIVITIES
      Audit for different Clients according to the International Standard on Assurance Engagements (ISAE 3402).
      Assessment of the migration process of the ERP and SAP Systems for many Clients:
      - Process Verification
      - Inspections on tests performed by the company
      - Data migration checkouts
      Significant experience in IT audit support for the audit of financial statements from leading national and international groups.

      • Associate Partner

        Dec 2019 - Feb 2022
      • Senior Manager, CISM, Lead Auditor ISO27001:2013, Cobit 5

        Mar 2013 - Feb 2022
      • Senior Consultant

        Dec 2011 - Feb 2013
    • EY Advisory SpA

      Jan 2016 - Dec 2019
      Senior manager
    • Accenture

      Feb 2022 - now
      Security Innovation Principal Director
  • Licenses & Certifications

    • GDPR Privacy Specialist

    • Certified Information Privacy Professional/Europe (CIPP/E)

      The International Association of Privacy Professionals
      Oct 2020
    • Lead Auditor ISO 27001:2013

      BSI
      May 2015
    • CISM (Certified Information Security Manager)

      ISACA
      Mar 2014
    • Lead Auditor ISO22301:2019

      AICQ SICEV
      Oct 2020
    • COBIT 5 Foundation

      APMG International
      Oct 2016
    • IBM Certified Associate Analyst - Security QRadar SIEM V7.2.6

      IBM
      Jul 2018